There is the question: Which three is right about Nbar? A.Static tcp/udp...... B.Dynamic tcp/udp..... C.I can't remember it. D.Nbar is stateful classficatin based on deep packet inspect. E.Nbar is subport classfication of http(urls,MIEE,host name).
Anser:I choose A,B,D.
Because this question I fail the core knowledge. only got 50%. I see the "NBAR is stateful classfication base on deep packet inspect" from the uploaded documents. I don't know why the Q&A is different from the configuration guide. Can I belive the Q&A? please tell me why ?????
Identification of Applications and Protocols (Layer 4 to Layer 7)
NBAR can classify applications that use:
● Statically assigned Transfer Control Protocol (TCP) and User Datagram Protocol (UDP)port numbers
● Non-UDP and non-TCP IP protocols
● Dynamically assigned TCP and UCP port numbers negotiated during connectionestablishment;Stateful inspection is required for classification of applications and protocols. This is the ability to discover data connections that will be classified, by passing the control connections over the data connection port where assignments are made.
● Sub-port classification; Classification of HTTP (URLs, mime or host names) and Citrix applications Independent Computing Architecture (ICA) traffic based on published application name)
● Classification based on deep packet inspection and multiple application-specific attributes. Real-Time Transport Protocol (RTP) Payload Classification is based on this algorithm, in which the packet is classified as RTP, based on multiple attributes in the RTP header.
So, Do you think " nbar is stateful classfication based on deep packet inspect " is wrong!!!
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...